Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Security policy flow down system

a security policy and flow down system technology, applied in the field of systems and methods for implementing an automated security policy, can solve the problems of affecting the implementation of information security in an organization, affecting the effectiveness of the security policy implementation process, and unable to provide a comprehensive framework for capturing, so as to facilitate further analysis

Active Publication Date: 2013-10-29
LOCKHEED MARTIN CORP
View PDF2 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Benefits of technology

The patent is about creating a model and system to capture the critical elements and relationships in a security policy and ensure they are properly defined and enforced in a consistent and verifiable way. This would help create a reusable tool to assist in analyzing, visualizing, and verifying the flow down from security policy to guidelines and standards in a particular security environment.

Problems solved by technology

Conventionally, the implementation of information security with an organization is largely human dependent.
In general, there does not exist a comprehensive framework for capturing, for instance, relationships between overarching policy objectives and specific security implementation guidelines.
The lack of a comprehensive framework makes it difficult for the individuals tasked with implementing, overseeing and enforcing information security policy to ensure, with any degree of confidence, that the security infrastructure properly reflects the organization's overall goals and objectives.
This difficulty is exacerbated in the all-too-often occurrence where a change in certain situational factors dictates some shift in the security posture of the organization.
Absent an overarching framework, it is difficult for any individual or group to first visualize, and then analyze, an overall impact of potential changes.
This difficulty becomes even more acute in instances where, for example, security policies are intended to be shared between organizations.
The current manual process, overseen by the specified individual(s) suffers from a number of significant drawbacks in meeting the above objectives.
A very basic difficulty exists in interpretation of the terminology used in preparing and interpreting policies, guidelines, standards, procedures, requirements, and ultimately configurations for the security policy implementations.
Unfortunately, within this task of interpretation, there exists an unavoidable level of semantic ambiguity.
This semantic ambiguity often then leads to differing interpretations of the requirements and the configuration by even a small group of individuals tasked with carrying out the security implementation, or between the individual noted above who is tasked with carrying into effect the security policy today, and that individual's successor.
A result is that a specific change in configuration, update or fix may not be adequately managed network wide.
A reliance on individual humans in the loop further then suffers because there is incomplete, if any, detailed turnover from one individual to the next regarding a specific interpretation of what a particular term in a particular security configuration entails.
Simply put, different individuals, without detailed guidance, which is often non-existent, will likely interpret a large number of terms in a security policy implementation in different ways leading to potentially vast differences in implementation of the security policy.
Significant difficulties are then encountered in verification of the security policy implementation as those metrics are then themselves open to broad interpretation.
Even with that expert intuition, however, a measurable level of consistency in the manual process remains largely unachievable.
For the above reasons, security policy implementations within organizations, or across organizational lines where required, end up being subject to significant interpretation leading to wide variability in carrying out security policies.
If room existed for interpretation of a specification for a manufactured article, it is likely that unacceptable variations in the manufactured article would be introduced.
In like manner, in the case of automated inventory control, if there were room for interpretation, inventory management would quickly suffer.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Security policy flow down system
  • Security policy flow down system
  • Security policy flow down system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0002]This disclosure relates to systems and methods for implementing an automated security policy for an organization, particularly through implementing a semantic model in a formal modeling language such as Unified Modeling Language Model (UML), Web Ontology Language (OWL), Semantic Application Design Language (SADL), a controlled-English language that maps directly into OWL, or any other semantic language capable of capturing the instances, classes, and relationships of the security domain in such a way as to render the model computable.

[0003]2. Related Art

[0004]The information security of an organization is generally governed at the highest levels by the existence of policies, guidelines and standards. These policies, guidelines and standards are generally provided in written form. One or more individuals in the organization are then tasked with developing information security procedures, requirements and, in many cases, specific configurations for information security policy im...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A system and method are provided that distill an organization's information security plan into a detailed and unambiguous security object model. The developed security object model provides a visualization of complex relationships between individual elements and levels that is usable to carry into effect the organization's information security plan. Configuration control and a verifiable level of security compliance are provided through implementation of the organization's information security plan by the developed security object model. The developed security object model is hosted on a computing platform in communication with at least the organization's network to provide information security plan compliance, configuration control and gap analysis in a usable form to the organization.

Description

BACKGROUND[0001]1. Field of the Disclosed Embodiments[0002]This disclosure relates to systems and methods for implementing an automated security policy for an organization, particularly through implementing a semantic model in a formal modeling language such as Unified Modeling Language Model (UML), Web Ontology Language (OWL), Semantic Application Design Language (SADL), a controlled-English language that maps directly into OWL, or any other semantic language capable of capturing the instances, classes, and relationships of the security domain in such a way as to render the model computable.[0003]2. Related Art[0004]The information security of an organization is generally governed at the highest levels by the existence of policies, guidelines and standards. These policies, guidelines and standards are generally provided in written form. One or more individuals in the organization are then tasked with developing information security procedures, requirements and, in many cases, speci...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(United States)
IPC IPC(8): G06F21/00
CPCG06F21/00G06F21/604G06F21/6218
Inventor BARNETT, BRUCEEVANS, SCOTTMITCHELL, JR., ROBERT JAMESMARKHAM, THOMASDILL, STEPHENHANNON, VINCENTELLIOTT, JOHN PATRICKCRAPO, ANDREW
Owner LOCKHEED MARTIN CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products